Merge pull request #389 from XeroAPI/PETOSS-516-Find-package-vulnerabilities-and-update-dependent-packages-for-Java

Petoss 516 find package vulnerabilities and update dependent packages for java

Author: vigneshk-tw

.github/workflows/build-lint-test.yml

@@ -20,7 +20,6 @@ jobs:
                 distribution: 'temurin'
                 java-version: '11'
                 cache: maven
-                gpg-passphrase: GPG_PASSPHRASE
 
             - name: Import GPG Key
               run: |
@@ -33,5 +32,5 @@ jobs:
                 export GPG_TTY=$(tty)
                 mvn clean verify -DskipTests=true
               env:
-                GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}  
+                MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}  
               working-directory: Xero-Java

pom.xml

@@ -41,7 +41,7 @@
 		<dependency>
 		    <groupId>com.auth0</groupId>
 		    <artifactId>java-jwt</artifactId>
-		    <version>3.19.4</version>
+		    <version>4.4.0</version>
 		</dependency>
 		<dependency>
 		    <groupId>com.auth0</groupId>
@@ -68,17 +68,17 @@
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
-			<version>2.7</version>
+			<version>2.17.0</version>
 		</dependency>
 		<dependency>
 			<groupId>jakarta.servlet</groupId>
 			<artifactId>jakarta.servlet-api</artifactId>
-			<version>6.0.0</version>
+			<version>6.1.0</version>
 		</dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>5.10.0</version>
+            <version>5.14.1</version>
             <scope>test</scope>
         </dependency>
 
@@ -92,7 +92,7 @@
         <dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
-			<version>1.7.30</version>
+			<version>2.0.16</version>
 		</dependency>
 
 	    <!-- JSON processing: jackson -->
@@ -159,7 +159,7 @@
 		<plugins>	
 			<plugin>
 				<artifactId>maven-deploy-plugin</artifactId>
-				<version>2.8.2</version>
+				<version>3.1.3</version>
 			</plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -173,7 +173,7 @@
 			 <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-source-plugin</artifactId>
-                <version>3.0.1</version>
+                <version>3.3.1</version>
                 <executions>
                     <execution>
                         <id>attach-sources</id>
@@ -203,17 +203,17 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-pmd-plugin</artifactId>
-				<version>3.8</version>
+				<version>3.25.0</version>
 			</plugin>
 			<plugin>
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>findbugs-maven-plugin</artifactId>
-				<version>3.0.4</version>
+				<version>3.0.5</version>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-war-plugin</artifactId>
-				<version>3.1.0</version>
+				<version>3.4.0</version>
 				<configuration>
 					<webXml>example/src/main/webapp/WEB-INF/web.xml</webXml>
 					<webResources>
@@ -232,7 +232,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.3.2</version>
+				<version>3.10.1</version>
 				<configuration>
 					<source>8</source>
 				</configuration>
@@ -248,7 +248,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-gpg-plugin</artifactId>
-				<version>1.6</version>
+				<version>3.2.7</version>
 				<executions>
 					<execution>
 						<id>sign-artifacts</id>
@@ -261,15 +261,14 @@
                     <arg>--pinentry-mode</arg>
                     <arg>loopback</arg>
                 </gpgArguments>
-				<passphraseServerId>gpg.passphrase</passphraseServerId>
             </configuration>
 					</execution>
 				</executions>
 			</plugin>
 			<plugin>
 				<groupId>org.sonatype.plugins</groupId>
 				<artifactId>nexus-staging-maven-plugin</artifactId>
-				<version>1.6.13</version>
+				<version>1.7.0</version>
 				<extensions>true</extensions>
 				<configuration>
 					<serverId>ossrh</serverId>
@@ -280,7 +279,7 @@
 			<plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.0.0-M4</version>
+                <version>3.5.0</version>
                 <configuration>
                     <argLine>-Duser.timezone=GMT-08:00</argLine>
                 </configuration>
@@ -292,12 +291,12 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-pmd-plugin</artifactId>
-				<version>3.8</version>
+				<version>3.25.0</version>
 			</plugin>
 			<plugin>
 				<groupId>org.codehaus.mojo</groupId>
 				<artifactId>findbugs-maven-plugin</artifactId>
-				<version>3.0.4</version>
+				<version>3.0.5</version>
 				<configuration>
 					<!-- Enables analysis which takes more memory but finds more bugs. If 
 						you run out of memory, changes the value of the effort element to 'low'. -->
@@ -316,12 +315,12 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>11</java.version>
-		<swagger-annotations-version>1.6.3</swagger-annotations-version>
-		<google-api-client-version>2.3.0</google-api-client-version>
+		<swagger-annotations-version>1.6.14</swagger-annotations-version>
+		<google-api-client-version>2.7.0</google-api-client-version>
 		<jersey-common-version>2.25.1</jersey-common-version>
-		<jackson-version>2.16.1</jackson-version>
-		<jackson-databind-version>2.16.1</jackson-databind-version>
-		<jackson-threetenbp-version>2.12.5</jackson-threetenbp-version>
+		<jackson-version>2.18.0</jackson-version>
+		<jackson-databind-version>2.18.0</jackson-databind-version>
+		<jackson-threetenbp-version>2.15.2</jackson-threetenbp-version>
         <junit-version>4.13.2</junit-version>
         <org-apache-httpcomponents>4.5.3</org-apache-httpcomponents>
         <jersey-version>3.1.5</jersey-version>